Threat Stack Blog

Here at Threat Stack, we’ve been talking a lot about security observability recently (check out this article and whitepaper). When you design and monitor your systems for security observability, you reduce risk and minimize the likelihood and potential impact of a security breach.

But in the same way that you’d never invest in locks and alarms for the windows of your house while leaving the doors wide open, you can’t protect your business by focusing security observability on a single perimeter only. Security observability delivers value when it’s applied throughout the entire system. We call this Full Stack Security Observability. But what, exactly, is the “full stack?”Read more “Defining the “Full Stack” in Full Stack Security Observability”

Continuous integration (CI) tools are the engine that drives today’s SaaS software development strategy across all business, corporate, consumer, and industrial boundaries. CI is crucial to streamlining development processes and providing engineering teams with real-time insights on software deployment.

Continuous delivery (CD) is the next level of continuous integration and is vital to delivering stable software to a test environment so developers can determine whether the software is releasable.

A CI/CD pipeline helps automate steps in the software delivery process, such as initiating code builds, running automated tests, and deploying to a staging or production environment. Automated pipelines remove manual errors, provide standardized development feedback loops, and enable fast product iterations. An effective CI/CD strategy can automate the process all the way to deployment in production environments so customers can see changes sooner.

Introduction

Colorado has rightfully gained a reputation as one of the most socially progressive states as it was one of the first to adapt a regulated adult use marijuana marketplace. Now, Colorado is making news headlines again as it has adopted one of the nation’s strictest consumer privacy laws. The Colorado Consumer Protection Act (CCPA) is the result of a continued effort to protect residents’ personal data. Colorado’s law follows in theme with at least thirty-one other states that have heightened security surrounding consumers’ personal data and stands out as one of only twelve states that have imposed broader data security requirements.

Any company or public agency storing a Colorado resident’s personal data will now need a data-protection policy, an efficient breach notification system, and the capability to destroy the data when it is no longer needed. Whether you are a small company of one person or a Fortune 500 company, as long as you have customers in Colorado, you must comply with this new law. And whether or not your business is located in Colorado is irrelevant — what is key is whether you have customers located within the state.

For more details, take a look at the following article written by Kevin Kish, Privacy Technical Lead at Schellman & Company. In this article, Kevin highlights key takeaways from this law, as well as areas in which this law differentiates itself as one of the nation’s strictest data protection laws.

Earlier this week a group of security researchers from Graz University of Technology, imec-DistriNet, KU Leuven, Worcester Polytechnic Institute, and Cyberus Technology identified and analyzed a vulnerability in Intel chips being called ZombieLoad (CVE-2018-12130) that allows sensitive data to be stolen from the processor. You can get all the details on ZombieLoad directly from the researchers here. Thankfully, researchers do not believe this exploit has been used in a real-life attack.Read more “How to Defend Against ZombieLoad”

When

About This Threat Briefing

Recently, Threat Stack’s Security Operations Center (SOC) uncovered a variation of the Shellbot malware in a public cloud environment. In this active cryptojacking campaign, the sophisticated malware features several layers of obfuscation and continues to be updated with new functionality after it has gained a foothold in an infected environment.

In this briefing, Threat Stack SOC Analyst Ethan Hansen will walk through the details of the newly discovered cryptojacking campaign, including the malware components, actual observed attack path, and the future investigations.

Registration

Free Download

Threat Stack’s Security Operations Center (SOC) recently discovered an ongoing and evolving malware campaign that leverages a new variant of the Shellbot malware discovered by JASK in November 2018 and published in February 2019. (You can read their full report here.)

Security Observability has become an important concept recently as companies have started building software with a cloud-native mindset, embracing distributed, immutable, and ephemeral systems. As infrastructure has shifted from traditional deployment methods, older monitoring systems are no longer effective, and a new set of practices — called “observability” — has emerged.

Modern healthcare is a full participant in the digital economy, and personal health information (PHI) is at its center. But today’s digital landscape is a volatile threat environment where sensitive personal data is a coveted commodity. Minimizing exposure, liability, and risk to PHI is a necessity with visibility all the way up to the board-level in every healthcare organization.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) includes the HIPAA Privacy Rule which establishes national standards to protect PHI. Every organization conducting health care transactions electronically is familiar with its rules, and being “HIPAA Compliant” is mandatory. But such standards can create a false sense of security; is simply checking the boxes and satisfying an annual audit really enough to keep attackers at bay? Do standards written over the course of decades adequately cover today’s rapidly evolving threat landscape? Are processes developed in the days of enterprise data-centers sufficient to protect containerized microservices running in the cloud?

The Health Insurance Portability and Accountability Act, or HIPAA, is a United States law that seeks to protect the privacy of patients’ medical records and other health information provided to health plans, doctors, hospitals, and other health care providers. It seeks to make health insurance coverage available to everyone — even those who lose their jobs. It also aims to lower the cost of healthcare by setting up standards in the electronic transmission of financial and administrative transactions. As well, HIPAA is designed to help fight abuse, waste, and fraud in insurance and healthcare delivery. The act also gave rise to the HIPAA Privacy Rule, which is the first set of American standards that protect the health information of patients. All health-related clearinghouses, providers, and insurance plans are covered by the act, as well as all companies in the country that are handling or storing healthcare data.

Kubernetes is a multi-functional, container-centric platform for managing workloads and services. Given the fact that containers and container orchestration can dramatically improve costs, flexibility, and resilience, it’s no mystery why Kubernetes has soared in popularity since Google open-sourced it in 2014.

On one hand, it’s a powerful orchestration tool; on the other, it’s not a silver bullet that will solve all your problems. In fact, at the same time that it helps to manage dynamic infrastructure, it also introduces new vulnerabilities that pose a threat to security. To understand the value of Kubernetes, how to integrate it in a way that improves operational efficiency, and how to guard against the new vulnerabilities that container orchestration introduces, it’s critical that you have more than a passing knowledge.

So if you’re ready to start diving into Kubernetes, you’ve come to the right place. Below, we’ve curated a list of 50 top quality tutorials to help you fully understand Kubernetes architecture and best practices.Read more “50 Best Kubernetes Architecture Tutorials”

When Threat Stack security analyst Ethan Hansen saw an alert in a customer’s environment that read /temp [RANDOM] cnrig, he knew his afternoon was about to get interesting. As part of his role in the Threat Stack Cloud SecOps Program℠, Ethan regularly monitors customer environments and proactively investigates alerts like this on the customer’s behalf. In this case, his suspicions were warranted, and Threat Stack had identified an active Docker cryptojacking attack.

Ethan and Threat Stack Security Solutions Engineer John Shoenberger recently sat down with “Your System Called: A Threat Stack Podcast” to recount this investigation into a Docker cryptojacking attack, his process of putting together a specific list of actionable recommendations, and how he worked with the customer within an hour of the alert to mitigate the threat.